
Hands-On Ethical Hacking and Network Defense, 3rd Edition

Chapter 1
Ethical Hacking Overview
Objectives

After completing this chapter, you will be able to:


• Describe the role of an ethical hacker
• Describe what you can do legally as an ethical hacker
• Describe what you can’t do as an ethical hacker

Hands-On Ethical Hacking and Network Defense, 3rd Edition 2
Introduction to Ethical Hacking
• Ethical hackers
  – Hired by companies to perform penetration tests
• Penetration test
  – Attempt to break into a company’s network to find the weakest link
• Vulnerability assessment
  – Tester attempts to enumerate all vulnerabilities found in an application or on a system
• Security test
  – Besides a break-in attempt, includes analyzing the company’s security policy and procedures
The Role of Security and Penetration Testers
• Hackers
  – Access a computer system or network without authorization
    • Breaks the law; can go to prison
• Crackers
  – Break into systems to steal or destroy data
    • U.S. Department of Justice calls both hackers
• Ethical hacker
  – Performs most of the same activities with the owner’s permission

The Role of Security and Penetration Testers
• Script kiddies or packet monkeys
  – Younger, inexperienced hackers who copy code from knowledgeable hackers
• Programming languages used by experienced penetration testers
  – Python, Ruby, Practical Extraction and Report Language (Perl), C language
• Script
  – Set of instructions
  – Runs in sequence to perform tasks

The Role of Security and Penetration Testers
• Hacktivist
  – A person who hacks computer systems for political or social reasons
• Penetration testers usually have:
  – A laptop computer with multiple OSs and hacking tools

The Role of Security and Penetration Testers
• Job requirements for a penetration tester might include:
  – Perform vulnerability, attack, and penetration assessments in intranet and wireless environments
  – Perform discovery and scanning for open ports
  – Apply appropriate exploits to gain access
  – Participate in activities involving application penetration
  – Produce reports documenting discoveries
  – Debrief with the client at the conclusion

Penetration-Testing Methodologies
• White box model
  – Tester is told about network topology and technology
    • May be given a floor plan
  – Tester is permitted to interview IT personnel and company employees
    • Makes the tester’s job a little easier
• Black box model
  – Staff does not know about the test
  – Tester is not given details about technologies used
    • Burden is on the tester to find details
  – Tests security personnel’s ability to detect an attack
Penetration-Testing Methodologies
• Gray box model
  – Hybrid of the white and black box models
  – Company gives the tester partial information (e.g., which OSs are used, but no network diagrams)
• Black box model
  – No information is provided except an IP address
• White box model
  – Additional access, down to the code level
  – Role-based credentials are provided as required
  – etc.
Certification Programs for Network Security Personnel
• Certification programs
  – Available in almost every area of network security
• Minimum certification
  – CompTIA Security+ or equivalent knowledge
    • Prerequisite for Security+ certification is CompTIA Network+

Offensive Security Certified Professional
• OSCP
  – An advanced certification that requires students to demonstrate hands-on abilities to earn their certificates
  – Covers network and application exploits
  – Gives students experience in developing rudimentary buffer overflows, writing scripts to collect and manipulate data, and trying exploits on vulnerable systems

Certified Ethical Hacker
• Developed by the International Council of Electronic Commerce Consultants (EC-Council)
  – Based on 22 domains (subject areas)
  – Web site: www.eccouncil.org
• Most likely to be placed on a team that conducts penetration tests
  – Called a Red team
    • Conducts penetration tests
    • Composed of people with varied skills
    • Unlikely that one person will perform all tests

OSSTMM Professional Security Tester (OPST)
• Open Source Security Testing Methodology Manual (OSSTMM) Professional Security Tester
  – Designated by the Institute for Security and Open Methodologies (ISECOM)
  – Based on the Open Source Security Testing Methodology Manual (OSSTMM)
    • Written by Peter Herzog
  – Five main topics (i.e., professional, enumeration, assessments, application, and verification)
  – Web site: www.isecom.org

Certified Information Systems Security Professional
• CISSP
  – Issued by the International Information Systems Security Certification Consortium (ISC2)
  – Not geared toward technical IT professionals
  – Tests security-related managerial skills
    • Usually more concerned with policies and procedures
  – Consists of ten domains
  – Web site: www.isc2.org

SANS Institute
• SysAdmin, Audit, Network, Security (SANS) Institute
  – Offers training and IT security certifications through Global Information Assurance Certification (GIAC)
• Top 25 Software Errors list
  – One of the most popular SANS Institute documents
  – Details the most common network exploits
  – Suggests ways of correcting vulnerabilities
  – Web site: www.sans.org

Which Certification is Best?
• Penetration testers and security testers
  – Need technical skills to perform duties effectively
  – Must also have:
    • A good understanding of networks and the role of management in an organization
    • Skills in writing and verbal communication
    • Desire to continue learning
• Danger of certification exams
  – Some participants simply memorize terminology
    • Don’t have a good grasp of the subject matter

What Can You Do Legally
• Laws involving technology change as rapidly as technology itself
  – Keep abreast of what’s happening in your area
• Find out what is legal for you locally
  – Be aware of what is allowed and what you should not or cannot do
• Laws vary from state to state and country to country
  – Example: In some states, the possession of lockpicking tools constitutes a crime

Laws of the Land
• Some hacking tools on your computer might be illegal
  – Contact local law enforcement agencies before installing hacking tools
• Laws are written to protect society
  – Written words are open to interpretation
  – Example: In Hawaii, the state must prove the person charged had the “intent to commit a crime”
• Government is getting more serious about cybercrime punishment

Laws of the Land

Table 1-1 An overview of recent hacking cases (continues)

Laws of the Land

Table 1-1 An overview of recent hacking cases (cont’d)

Laws of the Land
• Electronic Transaction Act 2063 - Nepal
– Initially developed for PKI establishment

Is Port Scanning Legal?
• Some states consider it legal
  – Not always the case
  – Be prudent before using penetration-testing tools
• Federal government does not see it as a violation
  – Allows each state to address it separately
• Research state laws
• Read your ISP’s “Acceptable Use Policy”

Is Port Scanning Legal?

Figure 1-2 An example of an acceptable use policy

Is Port Scanning Legal?
• IRC “bot”
  – Program that sends automatic responses to users
  – Gives the appearance of a person being present
• Some ISPs may prohibit the use of IRC bots

What You Cannot Do Legally
• Illegal actions:
  – Accessing a computer without permission
  – Destroying data without permission
  – Copying information without permission
  – Installing viruses that deny users access to network resources
• Be careful that your actions do not prevent the client’s employees from doing their jobs

Get It In Writing
• Using a contract is good business
  – May be useful in court
• Books on working as an independent contractor
  – Getting Started as an Independent Computer Consultant by Mitch Paioff and Melanie Mulhall
  – The Consulting Bible: Everything You Need to Know to Create and Expand a Seven-Figure Consulting Practice by Alan Weiss
• Internet can also be a helpful resource
  – Free modifiable templates
• Have an attorney read your contract before signing
Ethical Hacking in a Nutshell
• Skills needed to be a security tester
  – Knowledge of network and computer technology
  – Ability to communicate with management and IT personnel
  – An understanding of the laws in your location
  – Ability to apply the necessary tools to perform your tasks
  – Communication and writing skills

Summary
• Companies hire ethical hackers to perform penetration tests
  – Penetration tests discover vulnerabilities in a network
  – Security tests are performed by a team of people with varied skills
• Penetration test models
  – White box model
  – Black box model
  – Gray box model

Summary
• Security testers can earn certifications
  – CEH
  – CISSP
  – OPST
• As a security tester, be aware of
  – What you are legally allowed or not allowed to do
• ISPs may have an acceptable use policy
  – May limit your ability to use tools

Summary
• Laws should be understood before conducting a security test
  – Federal laws
  – State laws
• Get it in writing
  – Use a contract
  – Have an attorney read the contract
• Understand the tools available to conduct security tests
  – Learning how to use them should be a focused and methodical process
